American personal finance solutions Credit Karma has suffered from a glitch that had exposed people’s credit reports to other users.
According to a report from Tech Crunch, Credit Karma customers were reported to have seen other people’s account information when they logged in to their personal accounts. The exposed info includes names, addresses, and credit details of other users.
Affected customers have been turning to Reddit and Twitter to share their frustrations and disappointment on the said glitch.
“Out of curiosity, I logged in and out of Credit Karma a couple of times … Each time I had full access to a different random person’s credit file. Extremely troubling,” a Reddit user commented.
Credit Karma is an American personal finance company that offers credit monitoring service. Under the said program, card users will be automatically notified via fraud alerts in case of any personal data misuse.
To date, the company now has over 1,000-strong employees across their offices and is currently overseeing a total of more than 100 million members in the U.S., Canada, and U.K.
“The reports are split into two sections: Credit Factors — things like a number of accounts, inquiries, utilization; and Credit Reports — personal information like name, address, etc.” another Reddit user told Tech Crunch.
“The Credit Reports section was my own information, but the Credit Factors section definitely wasn’t. It listed four credit card accounts (I have more like 20 on my report), a missed payment (I’m 100% on time with payments), a Honda auto loan (never had one with Honda), student loan financing (mine is paid off and too old to appear on my report), and cards with an issuer that I have no relationship with (Discover),” the user added.
In the same source, Credit Karma spokesperson Emily Donohue has responded to the said issue and denied there was a data breach.
“What our members experienced this morning was a technical malfunction that has now been fixed. There is no evidence of a data breach,” the company spokesperson explained.
“Credit Karma has multiple layers of defense in place that provide rigorous controls and protections to safeguard members’ personal information. Additionally, we use 128-bit or higher encryption to protect during the transmission of data to our site and encrypt data at rest,” she added.
To date, there is no definite number of users affected by the said glitch, nor is there any clear indication on how long users have been experiencing the said bug.